(CBS) – Embattled retailer Target now confirms hackers did steal customer PINs during a highly publicized security breach.

It’s a stunning turnaround for Target, which initially said the PINs were not taken. Now, there are more worries for shoppers who used credit or debit cards at the stores; some are eyeing their legal options.

READ MORE: Chicago Weather: Best Rain Friday Night

CBS 2’s Chris Martinez reports.

Of all the cases like this he’s seen, attorney Joe Siprut says it’s among the worst.

“We want them to be compensated because their time is valuable,” Siprut says of the victims.

One of them is his client, a Chicago woman who is the first plaintiff in his class-action lawsuit against Target.

READ MORE: Getting Hosed: A Look At The Universe Of Chicago Water, And Its Sometimes-Sordid History, This Earth Day

“Target’s failure to safeguard information — as it should have — is basically a breach of contract. At its core it’s a breach of contract,” Siprut says.

This latest lawsuit comes as the retail giant now admits encrypted PIN numbers were also lifted in the breach, which is thought to affect around 40 million shoppers.

Target says it is “confident PIN numbers are safe and secure.”

“The PIN information was fully encrypted at the keypad … debit card accounts have not been compromised,” the retailer says.

But Prof. Bill Kresse, an expert on the methods criminals use to commit fraud, cautions that the people who breached Target could begin making dummy ATM cards if they can decode the encrypted data.

MORE NEWS: Shuttered By Pandemic Last Summer, Guthrie's Tavern In Wrigleyville Has New Owner And Will Be Reopening

Experts say if you’re affected you should consider changing your PIN or requesting a new debit or credit card, just to be safe.